News

  The web-development browser Blisk suffered a data breach leaking more than 2.9 million records through an open Elasticsearch database that was left open and that bypassed the security put in place by its users. The browser has been compromised in a way that it now leaks the data it was designed to gather from web development teams, UX designers and web engineers, according to Noam Rotem and Ran Locar, leaders of VPNMentor’s security team,...

An Illinois college is offering nearly free credit monitoring to over 1,700 current and former employees following a recent data breach. Officials at the College of DuPage confirmed on Monday that a cybersecurity incident had taken place recently. College president Brian Caputo said that personal and tax information belonging to 1,755 staff had been compromised. Data exposed in the incident included 2018 W-2 tax forms. Source: InfoSecurity

Each day, as the novel coronavirus multiplies and spreads, so do cyber scams capitalizing on users’ fears and thirst for knowledge concerning this pandemic. The perpetrators, and their victims, are based all over the world, as evidenced by two recently discovered global APT-style campaigns designed to spread remote access trojans. Source: SC Magazine

Princess Cruises has reported a data breach where an unsanctioned third party gained unauthorised access to some employee email accounts that contained personal information regarding its employees, crew, and guests. The company identified suspicious activity on its network in late May 2019, and has identified that the data breach happened between 11 April and 23 July 2019. Source: Marketing Interactive

A coronavirus tracking application is actually infecting Android devices with ransomware, with owners then asked to pay a $100 ransom to have their smartphones unlocked. Coronavirus trackers are particularly popular these days, as many users look for such apps to keep an eye on the virus outbreak, so it’s not necessarily a surprise that malicious actors are trying to use this growing demand for such apps for their own benefit. Source: Softpedia

Researchers at cybersecurity firm Kaspersky have discovered two new Android malware modifications that, when combined, can steal cookies collected by the browser and app of popular social networking sites and then allow the thieves to discreetly gain control of the victim’s account in order to send various ill-intentioned content. Source: Express Computer

  On Tuesday, March 3, the smartphones of tens of millions of Iranian citizens beeped in unison. “Dear compatriots, before going to the hospital or health center, install and use this software to determine if you or your loved ones have been infected with the coronavirus,” said the message, which claimed to come from the Ministry of Health. Source: Vice

The WordPress developer team is working on adding an auto-update mechanism to themes and plugins, a common source of website hacks, primarily because site owners usually install themes and plugins, and then forget to update them. Source: ZD Net

UPDATED A higher education institution in Victoria, Australia, has disclosed a data breach impacting the personal data of around 90,000 staff, students, and suppliers. In a security alert issued yesterday (March 11), Melbourne Polytechnic said Victoria Police had notified them that an individual who attended the campus in late 2018 had “obtained unauthorised access to Melbourne Polytechnic’s computer systems by hard logging onto the network; overcoming security measures”. Source: Portswigger

Open Exchange Rates has announced a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. Open Exchange Rates provides an API that allows organizations to query real-time and historical exchange rates for over 200 world currencies. The service's web site states that their API is used by companies such as Etsy, Shopify, Coinbase, Kickstarter, and more. Source: Bleeping Computer